diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-03-07 10:52:01 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-03-09 21:56:42 +0100 |
commit | de1461ac5e85049cfa14bee04363ae4547d1fdb1 (patch) | |
tree | 2a33f2b93ca1655e66ac75ba6f78cd7c4670da32 | |
parent | dissect-image: set MS_NOSYMFOLLOW for ESP/XBOOTLDR (diff) | |
download | systemd-de1461ac5e85049cfa14bee04363ae4547d1fdb1.tar.xz systemd-de1461ac5e85049cfa14bee04363ae4547d1fdb1.zip |
gpt-auto-generator: port to partition_pick_mount_options() too
This way we'll have the same mount options in place if we boot via the
gpt generator, or if we mount a DDI locally.
Note that this will also enable MS_NOSYMFOLLOW on ESP and XBOOTLDR now,
if booted via gpt-auto-generator.
-rw-r--r-- | src/gpt-auto-generator/gpt-auto-generator.c | 83 |
1 files changed, 59 insertions, 24 deletions
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index a197ea9da6..2a5222e6b9 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -245,9 +245,7 @@ static int add_mount( fprintf(f, "Type=%s\n", fstype); if (options) - fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro"); - else - fprintf(f, "Options=%s\n", rw ? "rw" : "ro"); + fprintf(f, "Options=%s\n", options); r = fflush_and_check(f); if (r < 0) @@ -301,18 +299,31 @@ static int path_is_busy(const char *where) { } static int add_partition_mount( + PartitionDesignator d, DissectedPartition *p, const char *id, const char *where, const char *description) { + _cleanup_free_ char *options = NULL; int r; + assert(p); r = path_is_busy(where); if (r != 0) return r < 0 ? r : 0; + r = partition_pick_mount_options( + d, + dissected_partition_fstype(p), + p->rw, + /* discard= */ true, + &options, + /* ret_ms_flags= */ NULL); + if (r < 0) + return r; + return add_mount( id, p->node, @@ -321,7 +332,7 @@ static int add_partition_mount( p->rw, p->growfs, /* measure= */ STR_IN_SET(id, "root", "var"), /* by default measure rootfs and /var, since they contain the "identity" of the system */ - NULL, + options, description, SPECIAL_LOCAL_FS_TARGET); } @@ -452,20 +463,8 @@ static int add_automount( return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit); } -static const char *esp_or_xbootldr_options(const DissectedPartition *p) { - assert(p); - - /* Discovered ESP and XBOOTLDR partition are always hardened with "noexec,nosuid,nodev". - * If we probed vfat or have no idea about the file system then assume these file systems are vfat - * and thus understand "umask=0077". */ - - if (!p->fstype || streq(p->fstype, "vfat")) - return "umask=0077,noexec,nosuid,nodev"; - - return "noexec,nosuid,nodev"; -} - static int add_partition_xbootldr(DissectedPartition *p) { + _cleanup_free_ char *options = NULL; int r; assert(p); @@ -489,13 +488,23 @@ static int add_partition_xbootldr(DissectedPartition *p) { if (r > 0) return 0; + r = partition_pick_mount_options( + PARTITION_XBOOTLDR, + dissected_partition_fstype(p), + /* rw= */ true, + /* discard= */ false, + &options, + /* ret_ms_flags= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to determine default mount options for Boot Loader Partition: %m"); + return add_automount("boot", p->node, "/boot", p->fstype, /* rw= */ true, /* growfs= */ false, - esp_or_xbootldr_options(p), + options, "Boot Loader Partition", 120 * USEC_PER_SEC); } @@ -503,6 +512,7 @@ static int add_partition_xbootldr(DissectedPartition *p) { #if ENABLE_EFI static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) { const char *esp_path = NULL, *id = NULL; + _cleanup_free_ char *options = NULL; int r; assert(p); @@ -569,13 +579,23 @@ static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) { } else log_debug("Not an EFI boot, skipping ESP check."); + r = partition_pick_mount_options( + PARTITION_ESP, + dissected_partition_fstype(p), + /* rw= */ true, + /* discard= */ false, + &options, + /* ret_ms_flags= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to determine default mount options for EFI System Partition: %m"); + return add_automount(id, p->node, esp_path, p->fstype, /* rw= */ true, /* growfs= */ false, - esp_or_xbootldr_options(p), + options, "EFI System Partition Automount", 120 * USEC_PER_SEC); } @@ -637,6 +657,7 @@ static int add_root_cryptsetup(void) { static int add_root_mount(void) { #if ENABLE_EFI + _cleanup_free_ char *options = NULL; int r; if (!is_efi_boot()) { @@ -668,6 +689,20 @@ static int add_root_mount(void) { /* Note that we do not need to enable systemd-remount-fs.service here. If * /etc/fstab exists, systemd-fstab-generator will pull it in for us. */ + r = partition_pick_mount_options( + PARTITION_ROOT, + arg_root_fstype, + arg_root_rw > 0, + /* discard= */ true, + &options, + /* ret_ms_flags= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to pick root mount options: %m"); + + if (arg_root_options) + if (!strextend_with_separator(&options, ",", arg_root_options)) + return log_oom(); + return add_mount( "root", "/dev/gpt-auto-root", @@ -676,7 +711,7 @@ static int add_root_mount(void) { /* rw= */ arg_root_rw > 0, /* growfs= */ false, /* measure= */ true, - arg_root_options, + options, "Root Partition", in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET); #else @@ -745,25 +780,25 @@ static int enumerate_partitions(dev_t devnum) { } if (m->partitions[PARTITION_HOME].found) { - k = add_partition_mount(m->partitions + PARTITION_HOME, "home", "/home", "Home Partition"); + k = add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME, "home", "/home", "Home Partition"); if (k < 0) r = k; } if (m->partitions[PARTITION_SRV].found) { - k = add_partition_mount(m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition"); + k = add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition"); if (k < 0) r = k; } if (m->partitions[PARTITION_VAR].found) { - k = add_partition_mount(m->partitions + PARTITION_VAR, "var", "/var", "Variable Data Partition"); + k = add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR, "var", "/var", "Variable Data Partition"); if (k < 0) r = k; } if (m->partitions[PARTITION_TMP].found) { - k = add_partition_mount(m->partitions + PARTITION_TMP, "var-tmp", "/var/tmp", "Temporary Data Partition"); + k = add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP, "var-tmp", "/var/tmp", "Temporary Data Partition"); if (k < 0) r = k; } |